ThuDnefednseeCroSdecan - E-SPIN Group

ThunderScan ReportCompany: E-SPIN
Author: E-SPIN
E-mail: [email protected]
Brief Description: Example source code report using DefenseCode Thunder Scan
www.defensecode.com
SQL Injection 8
File Disclosure 3
Scanned Files: 261
Code Lines: 51991
Creation Date: 1/3/2019
Vulnerability Description:
SQL Injection (SQLi) vulnerability occurs when a user input is used in the construction of an SQL query without proper user input string neutraliza tion (sanitization). A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), ex ecute administration operations on the database (such as shutdown of the DBMS), recover the content of a given file present on the DBMS file s ystem or in some cases issue commands to the operating system.
Mitigating Recommendations:
- Correct filtering (escaping) of string literal escape characters in SQL statements, like single quote ('), double quote (\"), backslash (\) and NUL (t he NULL byte).
- Checking parameters for valid representation for the give type (integer, float or boolean).
- When validating data on the client side, also validate all data on the server side.
- Correct database permissions on logon, which restricts web application or user access to unnecessary data.
Further Reading:
HIGH 49 26
Vulnerability:
Input variable:
User Input Flow:
NR. Variable Line
0. username_login 49
Mitigating Factor:
2. SQL Injection through connection.prepareStatement
Risk: Code Line: Vuln ID:
HIGH 49 27
Vulnerability:
Input variable:
User Input Flow:
NR. Variable Line
0. password_login 49
Mitigating Factor:
No mitigating factors, input variable did not pass through Java input validation functions.
3. SQL Injection through statement.executeQuery
HIGH 52 28
Vulnerability:
User Input Flow:
NR. Variable Line
0. username_reg 50
1. checkUserQuery 50
Mitigating Factor:
HIGH 69 58
Vulnerability:
1. injectableQuery 57
User Input Flow:
NR. Variable Line
0. userid_6a 57
Lesson6a.java
2. query 64
Mitigating Factor:
HIGH 51 59
Vulnerability:
User Input Flow:
NR. Variable Line
0. username_reg 49
1. checkUserQuery 49
Mitigating Factor:
HIGH 67 69
Vulnerability:
User Input Flow:
NR. Variable Line
0. account 56
1. accountName 59
2. query 62
Mitigating Factor:
HIGH 69 70
Vulnerability:
User Input Flow:
NR. Variable Line
0. userid 57
1. accountName 61
2. query 64
Mitigating Factor:
8. SQL Injection through connection.prepareStatement
HIGH 46 85
Vulnerability:
Input variable:
User Input Flow:
NR. Variable Line
0. column 46
Mitigating Factor:
File Disclosure (3)
File Disclosure vulnerability occurs when an external input is used to construct a pathname that is intended to identify a file or a directory located underneath a restricted parent directory. The application does not properly neutralize (sanitize) special elements within the pathname, which can cause the pathname to resolve to a location that is outside of the restricted directory. Successful file disclosure attack can result in sensitive files disclosure, and can often lead to full system compromise.
- Using a whitelist of directories from which files are allowed for download and validate requests based on that list.
- Validate file types requested by users.
- Index files which are allowed for download and pass only their index numbers as the URL parameter values.
Further Reading:
HIGH 55 30
Vulnerability:
File(element)
User Input Flow:
NR. Variable Line
0. args 53
1. element 53
Mitigating Factor:
HIGH 47 91
File:
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webwolf\src\main\java\org\owasp\webwolf\FileServer.java
Vulnerability:
Function Call Stack:
NR. Function Line
0. File 47
User Input Flow:
NR. Variable Line
0. getOriginalFilename 47
Mitigating Factor:
3. File Disclosure through File
HIGH 48 92
File:
Vulnerability:
NR. Function Line
0. File 48
User Input Flow:
NR. Variable Line
0. getOriginalFilename 48
Mitigating Factor:
Command Execution (1)
Command Execution vulnerability occurs when an application passes unsafe data supplied by the user (forms, cookies, HTTP headers etc.) to a system shell. In this attack operating system commands supplied by the attacker are usually executed with the privileges of the vulnerable applic ation. Successful shell command execution attack can result in arbitrary command execution and a full system compromise.
- Filtering out command directory names.
Further Reading:
HIGH 67 35
Vulnerability:
User Input Flow:
NR. Variable Line
0. token 64
1. b64token 64
Mitigating Factor:
Cross Site Scripting (30)
Cross Site Scripting (XSS) vulnerability occurs when an application either does not perform or it performs incorrect neutralization (sanitization) o f input data that is included in a web application response. As the result, an attacker is able to inject and execute arbitrary HTML and script code i n a user's browser within the context of the vulnerable website. These attacks are often used to steal authentication credentials (e.g. session IDs in cookies). Depending on the vulnerability and the web application, it is also possible to completely alter the web page itself or control the victim's browser.
- Escape HTML before inserting untrusted data into element content.
- Escape attribute before inserting untrusted data into HTML common attributes.
- Escape JavaScript before inserting untrusted data into JavaScript data values.
- Escape CSS and strictly validate before inserting untrusted data into HTML style property values.
- Escape URL before inserting untrusted data into HTML URL parameter values.
- Use HTML policy engine to validate or clean user-driven HTML in an outbound way.
- Prevent DOM-based XSS.
MEDIUM 46 25
Vulnerability:
Spring_Return_XSS((failed.feedback("user.not.larry").feedbackArgs(username_login).build()))
User Input Flow:
NR. Variable Line
Mitigating Factor:
2. Cross Site Scripting through Spring_Return_XSS
MEDIUM 77 29
Vulnerability:
Spring_Return_XSS((success.feedback("email.send").feedbackArgs(email).build()))
User Input Flow:
NR. Variable Line
0. email 77
Mitigating Factor:
MEDIUM 76 32
File:
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\idor\src\main\java\org\owasp\webgoat\plugin\IDORLogin.java
Vulnerability:
Spring_Return_XSS((trackProgress(success.feedback("idor.login.success").feedbackArgs(username).build())))
NR. Function Line
0. Spring_Return_XSS 76
User Input Flow:
NR. Variable Line
0. username 76
Mitigating Factor:
MEDIUM 64 42
Vulnerability:
Spring_Return_XSS((userService.loadUserByUsername(newUser.getUsername())))
1. loadUserByUsername 64
User Input Flow:
NR. Variable Line
0. newUser 64
onACUsers.java
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-container\src\main\java\org\owasp\webgoat\users\UserService.java
2. webGoatUser 29
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-container\src\main\java\org\owasp\webgoat\users\UserService.java
Mitigating Factor:
MEDIUM 54 44
Vulnerability:
Spring_Return_XSS((allUsersMap))
User Input Flow:
NR. Variable Line
0. executeQuery 35
1. results 35
2. userMap 45
3. allUsersMap 51
Mitigating Factor:
MEDIUM 49 50
Vulnerability:
Spring_Return_XSS((trackProgress(failed.feedback("password-questions-unknown-user").feedbackArgs(username).build())))
User Input Flow:
NR. Variable Line
0. json 41
1. username 41
Mitigating Factor:
MEDIUM 72 51
Vulnerability:
Spring_Return_XSS((success.feedback("email.send").feedbackArgs(email).build()))
User Input Flow:
NR. Variable Line
0. email 72
Mitigating Factor:
MEDIUM 52 55
Vulnerability:
User Input Flow:
NR. Variable Line
0. email 52
Mitigating Factor:
MEDIUM 57 62
Vulnerability:
Spring_Return_XSS((injectableQuery(userid_6a)))
User Input Flow:
NR. Variable Line
0. userid_6a 57
1. query 64
2. results 69
3. t 114
4. t 126 C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\sql-injection\src\main\java\org\owasp\webgoat\plugin\introduction\SqlInjecti onLesson5a.java
5. output 75
6. output 80
7. executeQuery 69
8. results 69
9. t 114
10. t 126
11. output 75
12. output 80
13. query 64
14. results 69
15. t 114
16. t 126
17. output 75
18. output 90
19. executeQuery 69
Lesson6a.java
21. t 114
22. t 126
23. output 75
24. output 90
Mitigating Factor:
MEDIUM 80 63
Vulnerability:
Spring_Return_XSS((trackProgress(success.feedback("sql-injection.6a.success").feedbackArgs(output.toString()).build())))
1. trackProgress 80
User Input Flow:
NR. Variable Line
0. executeQuery 69
1. results 69
2. t 114
3. t 126
4. output 75
5. attackResult 68
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-container\src\main\java\org\owasp\webgoat\assignments\AssignmentEndpoint.java
Mitigating Factor:
MEDIUM 82 64
Vulnerability:
Spring_Return_XSS((trackProgress(failed.output(output.toString()).build())))
1. trackProgress 82
User Input Flow:
NR. Variable Line
0. executeQuery 69
1. results 69
2. t 114
3. t 126
4. output 75
5. attackResult 68
Mitigating Factor:
MEDIUM 86 66
Vulnerability:
Spring_Return_XSS(((password)))
User Input Flow:
NR. Variable Line
0. executeQuery 73
2. password 76
Mitigating Factor:
MEDIUM 90 67
Vulnerability:
Spring_Return_XSS((trackProgress(failed.output(sqle.getMessage()).build())))
User Input Flow:
NR. Variable Line
0. executeQuery 69
1. results 69
2. t 114
3. t 126
4. output 75
Mitigating Factor:
MEDIUM 94 68
Vulnerability:
Spring_Return_XSS((trackProgress(failed.output(getClass.getName() + " : " + e.getMessage()).build())))
User Input Flow:
NR. Variable Line
0. executeQuery 69
1. results 69
2. t 114
3. t 126
4. output 75
Mitigating Factor:
MEDIUM 56 75
Vulnerability:
Spring_Return_XSS((injectableQuery(account)))
User Input Flow:
NR. Variable Line
0. account 56
1. query 62
2. results 67
3. t 114
4. t 126
5. output 73
6. output 78
7. executeQuery 67
8. results 67
9. t 114
10. t 126
11. output 73
12. output 78
13. query 62
14. results 67
15. t 114
16. t 126
17. output 73
18. output 88
19. executeQuery 67
20. results 67
21. t 114
22. t 126
23. output 73
24. output 88
Mitigating Factor:
MEDIUM 57 76
Vulnerability:
Spring_Return_XSS((injectableQuery(userid)))
User Input Flow:
NR. Variable Line
0. userid 57
1. query 64
2. results 69
3. t 114
4. t 126
5. output 75
6. output 80
7. executeQuery 69
8. results 69
9. t 114
10. t 126
11. output 75
12. output 80
13. query 64
14. results 69
15. t 114
16. t 126
17. output 75
18. output 92
19. executeQuery 69
20. results 69
21. t 114
22. t 126
23. output 75
24. output 92
Mitigating Factor:
MEDIUM 80 77
Vulnerability:
Spring_Return_XSS((trackProgress(success.feedback("sql-injection.5b.success").feedbackArgs(output.toString()).build())))
1. trackProgress 80
User Input Flow:
NR. Variable Line
0. executeQuery 69
1. results 69
2. t 114
3. t 126
4. output 75
5. attackResult 68
Mitigating Factor:
MEDIUM 78 78
Vulnerability:
Spring_Return_XSS((trackProgress(success.feedback("sql-injection.5a.success").feedbackArgs(output.toString()).build())))
1. trackProgress 78
User Input Flow:
NR. Variable Line
0. executeQuery 67
1. results 67
2. t 114
3. t 126
4. output 73
5. attackResult 68
Mitigating Factor:
MEDIUM 82 79
Vulnerability:
1. trackProgress 82
User Input Flow:
NR. Variable Line
0. executeQuery 69
1. results 69
2. t 114
3. t 126
4. output 75
5. attackResult 68
Mitigating Factor:
MEDIUM 80 80
Vulnerability:
1. trackProgress 80
User Input Flow:
NR. Variable Line
0. executeQuery 67
1. results 67
2. t 114
3. t 126
4. output 73
5. attackResult 68
Mitigating Factor:
MEDIUM 92 81
Vulnerability:
User Input Flow:
NR. Variable Line
0. executeQuery 69
1. results 69
2. t 114
3. t 126
4. output 75
Mitigating Factor:
MEDIUM 88 82
Vulnerability:
User Input Flow:
NR. Variable Line
0. executeQuery 67
1. results 67
2. t 114
3. t 126
4. output 73
Mitigating Factor:
MEDIUM 91 83
Vulnerability:
User Input Flow:
NR. Variable Line
0. executeQuery 67
1. results 67
2. t 114
3. t 126
4. output 73
Mitigating Factor:
MEDIUM 96 84
Vulnerability:
User Input Flow:
NR. Variable Line
0. executeQuery 69
1. results 69
2. t 114
3. t 126
4. output 75
Mitigating Factor:
MEDIUM 48 86
Vulnerability:
Spring_Return_XSS((informationMessage.feedback("webwolf.email_send").feedbackArgs(email).build()))
User Input Flow:
NR. Variable Line
0. email 48
Mitigating Factor:
MEDIUM 50 87
Vulnerability:
Spring_Return_XSS((informationMessage.feedback("webwolf.email_mismatch").feedbackArgs(username).build()))
User Input Flow:
NR. Variable Line
0. email 34
1. username 34
Mitigating Factor:
MEDIUM 60 88
Vulnerability:
Spring_Return_XSS((trackProgress(failed.feedbackArgs("webwolf.code_incorrect").feedbackArgs(uniqueCode).build())))
1. trackProgress 60
User Input Flow:
NR. Variable Line
0. uniqueCode 60
1. attackResult 68
Mitigating Factor:
28. Cross Site Scripting through pw.println
MEDIUM 64 89
File:
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\xxe\src\main\java\org\owasp\webgoat\plugin\Ping.java
Vulnerability:
pw.println(logLine);
NR. Function Line
0. pw.println 64
User Input Flow:
NR. Variable Line
0. userAgent 59
1. logLine 59
Mitigating Factor:
29. Cross Site Scripting through pw.println
MEDIUM 64 90
File:
Vulnerability:
pw.println(logLine);
NR. Function Line
0. pw.println 64
User Input Flow:
NR. Variable Line
0. text 59
1. logLine 59
Mitigating Factor:
30. Cross Site Scripting through modelAndView.addObject
MEDIUM 77 93
File:
Vulnerability:
NR. Function Line
0. modelAndView.addObject 77
User Input Flow:
NR. Variable Line
0. getParameter 77
Mitigating Factor:
Misc. Dangerous Functions (54)
Miscellaneous dangerous functions are functions that could introduce a vulnerability of an unpredictable security impact if they are used incorre ctly. Functions like LoadLibrary or printStackTrace could result in arbitrary code execution or information disclosure.
Further Reading:
LOW 99 0
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-container\src\main\java\org\owasp\webgoat\session\DatabaseUtilities.java
Vulnerability:
printStackTrace
User Input Flow:
NR. Variable Line
0. printStackTrace 99
Mitigating Factor:
2. Misc. Dangerous Functions through printStackTrace
LOW 117 1
Vulnerability:
printStackTrace
User Input Flow:
NR. Variable Line
Mitigating Factor:
3. Misc. Dangerous Functions through Weak Random
LOW 14 2
Vulnerability:
User Input Flow:
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\challenge\src\main\java\org\owasp\webgoat\plugin\challenge7\PasswordRe setLink.java
Mitigating Factor:
LOW 71 3
Vulnerability:
printStackTrace
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 47 4
File:
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\csrf\src\main\java\org\owasp\webgoat\plugin\CSRFGetFlag.java
Vulnerability:
0. Weak Random 47
User Input Flow:
NR. Variable Line
0. Weak Random 47
Mitigating Factor:
LOW 53 5
File:
Vulnerability:
0. Weak Random 53
User Input Flow:
NR. Variable Line
0. Weak Random 53
Mitigating Factor:
LOW 64 6
File:
Vulnerability:
0. Weak Random 64
User Input Flow:
NR. Variable Line
0. Weak Random 64
Mitigating Factor:
LOW 67 7
Vulnerability:
printStackTrace
onACUsers.java
Mitigating Factor:
LOW 58 8
Vulnerability:
printStackTrace
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 67 9
Vulnerability:
printStackTrace
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 71 10
Vulnerability:
printStackTrace
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 83 11
Vulnerability:
printStackTrace
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 88 12
Vulnerability:
printStackTrace
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 92 13
Vulnerability:
printStackTrace
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 93 14
Vulnerability:
printStackTrace
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 79 15
Vulnerability:
printStackTrace
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 83 16
Vulnerability:
printStackTrace
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 95 17
Vulnerability:
printStackTrace
User Input Flow:
NR. Variable Line
Mitigating Factor:
19. Misc. Dangerous Functions through Heap Inspection
LOW 112 18
Vulnerability:
password
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 25 19
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-container\src\main\java\org\owasp\webgoat\session\WebgoatContext.java
Vulnerability:
databasePassword
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 24 20
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-container\src\main\java\org\owasp\webgoat\users\UserForm.java
Vulnerability:
password
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 27 21
Vulnerability:
matchingPassword
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 12 22
Vulnerability:
PASSWORD
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\challenge\src\main\java\org\owasp\webgoat\plugin\SolutionConstants.java
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 13 23
Vulnerability:
PASSWORD_TOM
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 14 24
Vulnerability:
ADMIN_PASSWORD_LINK
User Input Flow:
NR. Variable Line
Mitigating Factor:
26. Misc. Dangerous Functions through x.getMessage
LOW 57 31
Vulnerability:
System.err.println(x.getMessage());
User Input Flow:
NR. Variable Line
0. N/A 57
Mitigating Factor:
27. Misc. Dangerous Functions through ex.getMessage
LOW 72 33
File:
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\idor\src\main\java\org\owasp\webgoat\plugin\IDORViewOwnProfile.java
Vulnerability:
System.out.println(ex.getMessage());
NR. Function Line
0. ex.getMessage 72
User Input Flow:
NR. Variable Line
0. N/A 72
Mitigating Factor:
LOW 77 34
File:
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\idor\src\main\java\org\owasp\webgoat\plugin\IDORViewOwnProfileAltUrl.jav a
Vulnerability:
System.out.println(ex.getMessage());
NR. Function Line
0. ex.getMessage 77
User Input Flow:
NR. Variable Line
0. N/A 77
Mitigating Factor:
LOW 34 36
File:
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\jwt\src\main\java\org\owasp\webgoat\plugin\JWTRefreshEndpoint.java
Vulnerability:
PASSWORD
0. Heap Inspection - PASSWORD 34
User Input Flow:
NR. Variable Line
0. Heap Inspection 34
Mitigating Factor:
LOW 35 37
File:
Vulnerability:
JWT_PASSWORD
User Input Flow:
NR. Variable Line
Mitigating Factor:
31. Misc. Dangerous Functions through e.getMessage
LOW 83 38
File:
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\jwt\src\main\java\org\owasp\webgoat\plugin\JWTFinalEndpoint.java
Vulnerability:
NR. Function Line
0. e.getMessage 83
User Input Flow:
NR. Variable Line
0. N/A 83
Mitigating Factor:
LOW 42 39
File:
Vulnerability:
password
0. Heap Inspection - password 42
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 42 40
File:
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\jwt\src\main\java\org\owasp\webgoat\plugin\JWTVotesEndpoint.java
Vulnerability:
JWT_PASSWORD
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 49 41
File:
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\jwt\src\main\java\org\owasp\webgoat\plugin\JWTSecretKeyEndpoint.java
Vulnerability:
return ((trackProgress(failed.feedback("jwt-invalid-token").output(e.getMessage()).build())));
NR. Function Line
0. e.getMessage 49
User Input Flow:
NR. Variable Line
0. N/A 49
Mitigating Factor:
LOW 66 43
Vulnerability:
Input variable:
User Input Flow:
NR. Variable Line
0. N/A 66
Mitigating Factor:
36. Misc. Dangerous Functions through sqle.getMessage
LOW 60 45
Vulnerability:
User Input Flow:
NR. Variable Line
0. N/A 60
Mitigating Factor:
LOW 69 46
Vulnerability:
User Input Flow:
NR. Variable Line
0. N/A 69
Mitigating Factor:
LOW 90 47
Vulnerability:
User Input Flow:
NR. Variable Line
0. N/A 90
Mitigating Factor:
LOW 35 48
Vulnerability:
PASSWORD_TOM_9
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\password-reset\src\main\java\org\owasp\webgoat\plugin\ResetLinkAssignm ent.java
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 38 49
Vulnerability:
usersToTomPassword
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 104 52
Vulnerability:
password
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 106 53
Vulnerability:
passwordTom
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 106 54
Vulnerability:
PASSWORD_TOM_9)
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 19 56
Vulnerability:
password
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\password-reset\src\main\java\org\owasp\webgoat\plugin\resetlink\Passwor dChangeForm.java
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 29 57
Vulnerability:
PASSWORD_TOM
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\sql-injection\src\main\java\org\owasp\webgoat\plugin\advanced\SqlInjection Challenge.java
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 90 60
Vulnerability:
User Input Flow:
NR. Variable Line
0. N/A 90
Mitigating Factor:
LOW 94 61
Vulnerability:
Lesson6a.java
Mitigating Factor:
LOW 65 65
Vulnerability:
password
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\sql-injection\src\main\java\org\owasp\webgoat\plugin\advanced\SqlInjection Lesson6b.java
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 88 71
Vulnerability:
User Input Flow:
NR. Variable Line
0. N/A 88
Mitigating Factor:
LOW 92 72
Vulnerability:
User Input Flow:
NR. Variable Line
0. N/A 92 C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webgoat-lessons\sql-injection\src\main\java\org\owasp\webgoat\plugin\introduction\SqlInjecti onLesson5b.java
Mitigating Factor:
LOW 91 73
Vulnerability:
User Input Flow:
NR. Variable Line
0. N/A 91
Mitigating Factor:
LOW 96 74
Vulnerability:
User Input Flow:
NR. Variable Line
0. N/A 96
Mitigating Factor:
LOW 22 94
File:
C:\Users\Admin\Desktop\WebGoat-8.0.0.M24\webwolf\src\main\java\org\owasp\webwolf\user\UserForm.java
Vulnerability:
password
0. Heap Inspection - password 22
User Input Flow:
NR. Variable Line
Mitigating Factor:
LOW 25 95
File:
Vulnerability:
matchingPassword
0. Heap Inspection - Password 25
User Input Flow:
NR. Variable Line
Mitigating Factor:
DefenseCode
ThunderScan
(Java)
REPORT
File Disclosure (3)
Command Execution (1)
Cross Site Scripting (30)
Misc. Dangerous Functions (54)
26. Misc. Dangerous Functions through x.getMessage

Date post:	27-Mar-2022
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

ThuDnefednseeCroSdecan - E-SPIN Group

Documents